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CLAIMS 

What is claimed is: 

5 1. A method performed on a first server for communicating with a mobile 

station in order for the mobile station to update a security-related parameter, 
comprising: 

determining that a request expressed in a first protocol has been made by a 
second server for updating the security-related parameter on the mobile station; and 
1 0 in response to determining, packaging the request in a message expressed 

in a second protocol and communicating the message to the mobile station. 

2. The method of claim 1 , wherein the first protocol comprises a 
signaling protocol and the second protocol comprises an internet protocol. 

15 

3. The method of claim 2, wherein the signaling protocol further 
comprises an over-the-air management protocol, and wherein the internet protocol 
further comprises an over-the-air internet protocol. 

20 4. The method of claim 3, wherein the over-the-air management protocol 

comprises an IS-683 management protocol, and wherein the over-the-air internet 
protocol further comprises an Internet Protocol (Debased Over-The-Air (IOTA) 
Device Management protocol. 

25 5. The method of claim 1 , further comprising determining that the mobile 

station has updated the security-related parameter, and communicating a response 
expressed in the second protocol to the second server, the response indicating that the 
mobile station has updated the security-related parameter. 

30 6. The method of claim 1 , wherein: 

the first and second protocols comprise different transport protocols; 
the request is further expressed in a first management protocol; and 
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packaging further comprises packaging the request in the message, where 
the message is expressed in a second management protocol in addition to the second 
protocol. 

5 7. The method of claim 1 , wherein: 

Ae first and second protocols comprise different transport protocols; 
the request comprises a trigger to cause the mobile station to begin 
operations to update the security-related parameter; and 

packaging further comprises packaging the request in the message, where 
1 0 the message is expressed in a management protocol in addition to the second protocol. 

8. The method of claim 1 , wherein the security-related parameter 

comprises an authentication key. 

1 5 9, The method of claim 1 , wherein the security-related parameter 

comprises a security key. 

1 0. The method of claim 1 , wherein: 

the security-related parameter comprises one of an authentication key or a 
20 security key; and 

the security-related parameter is defined by a Code-Division Multiple 
Access (CDMA) standard. 

1 1 • The method of claim 1, further comprising communicating at least one 

25 additional message expressed in the second protocol to the mobile station, the at least 
one additional message comprising at least one command defined to cause the mobile 
station to determine the security-related parameter. 

* 2. The method of claim 1 , further comprising communicating a first 

30 message and a second message expressed in the second protocol with the mobile 
station, the first message comprising a first command defined to cause the mobile 
station to compute a first value, and the second message comprising a second value 
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and a second command defined to cause the mobile station to compute the security* 
related parameter by using the first and second values. 

13. The method of claim 1 , wherein: 

S the message is a first message; and 

the method further comprises: 

receiving a second message comprising an indication of a version 
of the security-related parameter, the second message expressed in the second 
protocol; and 

10 communicating a third message, expressed in the first protocol and 

comprising the indication, to the second server. 

14. The method of claim 1 ,sfurther comprising receiving an additional 
message comprising at least one parameter, the at least one parameter indicating 

15 whether or not the mobile station supports a certain provisioning protocol. 

15. The method of claim 14, further comprising: 

in response to the at least one parameter indicating that the mobile station 
does support the certain provisioning protocol, performing a first collection of steps; and 
20 in response to the at least one parameter indicating that the mobile station 

does not support the certain provisioning protocol, performing a second collection of 
steps. 

16. The method of claim 1 5, wherein the message is a first message, and 
25 wherein the second collection of steps comprises: 

receiving a second message expressed in the second protocol from the 
mobile station, the second message comprising a first value; 
computing a second value; and 

computing, in response to the second message, the security-related 
30 parameter based on the first and second values; and 

communicating a response expressed in the first protocol to the second 
server, wherein the response comprises the security-related parameter. 
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17. The method of claim 16, wherein the second collection of steps further 
comprises: 

receiving a third message expressed in the second protocol, the third 
message comprising an indication that the first value has been computed by the mobile 
S station; and 

computing a second value further comprises computing, in response to the 
third message, the second value. 

1 8. The method of claim 1 5, wherein the message is a first message, and 
1 0 wherein the first collection of steps comprises: 

receiving from the mobile station a second message, expressed in the 
second protocol, comprising a first value; 

communicating, in a third message expressed in the first protocol, the first 
value to the second server, and 

1 5 receiving, in a fourth message expressed in the first protocol, a second 

value from the second server; and 

communicating, in response to receiving the second value, a fifth message 
expressed in the second protocol to the mobile station, the fifth message comprising the 
second value. 

20 

19. The method of claim 1 8, wherein the first collection of steps further 
comprises: 

receiving a sixth message expressed in the second protocol from the 
mobile station, the sixth message comprising an indication that the first value has been 
25 determined by the mobile station; and 

in response to the sixth message, communicating the indication to the 
server in a seventh message expressed in the first protocol. 

20. The method of claim 1 , wherein: 
30 the message is a first message; and 

the method further comprises: 
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communicating to the mobile station a second message expressed 
in the second protocol, the second message comprising a first command defined 
to cause the mobile station to compute a first value; 

receiving a third message expressed in the second protocol from 
the mobile station, the third message comprising the first value; 

computing a second value; 

computing, in response to fee third message, the security-related 
parameter based on the first and second values; and 

communicating a fourth message expressed in the second protocol 
to the mobile station, the fourth message comprising the second value and a 
second command, the second command defined to cause the mobile station to 
compute the security-related parameter using the first and second values. 



2 1 . The method of claim 20, further comprising; 

15 receiving a fifth message expressed in the second protocol, the fifth 

message comprising an indication that the first value has been computed by the mobile 
station; and 

computing a second value further comprises computing, in response to the 
fifth message, the second value. 

20 

22. The method of claim 1 , wherein: 
the message is a first message; and 
the method further comprises: 

communicating to the mobile station a second message expressed 
25 in the second protocol, the second message comprising a first command defined 

to cause the mobile station to compute a first value; 

receiving a third message expressed in the second protocol, the 
third message comprising the first value; 

communicating, using a fourth message expressed in the first 
30 protocol, the first value to the second server, 

receiving, in a fifth message expressed in the first protocol, a 
second value from the second server, 
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communicating, in response to receiving the second value, a sixth 
message to the mobile station, the sixth message expressed in the second protocol 
and comprising the second value and a second command, the second command 
defined to cause the mobile station to compute the security-related parameter 
5 using the first and second values. 



23. The method of claim 1 8, further comprising: 

receiving, using the second transport, a seventh message from the mobile 
station, the seventh message comprising an indication that the first value has been 
1 0 determined by the mobile station; and 

in response to the seventh message, communicating the indication to the 
server in an eighth message expressed in the first protocol. 



24. An apparatus for communicating with a mobile station in order for the 
1 5 mobile station to update a security-related parameter, the apparatus comprising: 

at least one memory; and 

at least one processor coupled to the at least one memory, the at least one 
processor configured to perform the steps of: 

determining that a request expressed in a first protocol has been made by a 
20 second server for updating the security-related parameter on the mobile station; and 

in response to determining, packaging the request in a message expressed 
in a second protocol and communicating the message to the mobile station. 

25. An apparatus for communicating with a mobile station in order for the 
25 mobile station to update a security-related parameter, comprising^- 

means for determining that a request expressed in a first protocol has been 
made by a second server for updating the security-related parameter on the mobile 
station; and 

means, responsive to the means for determining, for packaging the request 
30 in a message expressed in a second protocol and communicating the message to the 
mobile station. 
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26. The apparatus of claim 25, wherein: 

the first and second protocols comprise different transport protocols; 
the request is further expressed in a first management protocol; and 
the means for packaging further packages the request in the message, 
5 where the message is expressed in a second management protocol in addition to the 
second protocol. 

27. A signal bearing medium tangibly embodying a program of machine- 
readable instructions executable by a digital processing apparatus to perform 
operations to communicate with a mobile station in order for the mobile station to 
update a security-related parameter, the operations comprising: 

determining that a request expressed in a first protocol has been made by a 
second server for updating the security-related parameter on the mobile station; and 

in response to determining, packaging the request in a message expressed 
in a second protocol and communicating the message to the mobile station. 

28. A method performed on a management server for communicating with 
a mobile station in order for the mobile station to update a security-related parameter, 
comprising: 

receiving from a second server a first message expressed in a signaling 
protocol, the first message comprising a first request message, the first request message 
expressed in a first data management protocol and defined to request updating the 
security-related parameter on the mobile station; and 

in response to determining, packaging the first request message in a 
second request message expressed in a second data management protocol, and 
communicating the second request message in a second message expressed in an internet 
protocol to the mobile station. 

29. A method performed on a mobile station for updating a security-related 
30 parameter, comprising: 

receiving a message expressed in a first protocol from a server and 
comprising a request for the mobile station to update the security-related parameter, the 

request expressed in a second jrctcool; and 

29 
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performing, in response to the message, at least one operation in order to 
update the security-related parameter. 

30. The method of claim 29, further comprising communicating an 

5 additional message expressed in the first protocol to the server, the additional message 
indicating the security-related parameter has been updated. 

31 . The method of claim 29, wherein the first protocol comprises an 
internet protocol and the second protocol comprises a management protocol. 

10 

32. The method of claim 3 1 , wherein the internet protocol comprises an 
over-the-air internet protocol. 

33. The method of claim 3 1 , wherein the over-the-air internet protocol 
1 5 further comprises an Internet Protocol (IP)-based Over-The-Air (IOTA) Device 

Management protocol, and wherein the management protocol comprises an IS-683 
over-the-air management protocol. 

34. The method of claim 3 1 , wherein the management protocol is a first 
20 management protocol and wherein the message is further expressed in a second 

management protocol. 

35. The method of claim 34, wherein the first and second management 
protocols are different over-the-air management protocols. 

25 

36. The method of claim 29, wherein: 

the first protocol comprises a transport protocol; and 
the request defines a trigger to cause the mobile station to begin operations 
to update the security-related parameter. 

30 

37. The method of claim 29, wherein the security-related parameter 
comprises an authentication key. 
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38. The method of claim 29, wherein the security-related parameter 
comprises a security key. 

39. The method of claim 38, wherein the security key is defined by a Code- 
5 Division Multiple Access (CDMA) standard. 

40. The method of claim 29, wherein the message is a first message, and 
wherein the method further comprises communicating a second message expressed in 
the first protocol to the server, the second message comprising at least one parameter, 

10 the at least one parameter indicating whether or not the mobile station supports a 
certain provisioning protocol. 

4 1 . The method of claim 29, wherein: 

the method further comprises receiving at least one command message 
1 5 from the server, the at least one command message comprising at least one command 
defined to cause the mobile station to determine the security-related parameter, and 

performing at least one operation further comprises performing, in 
response to the at least one command message, at least one operation defined by the at 
least one command in order to determine the security-related parameter. 

20 

42. The method of claim 29, wherein: 

the method further comprises receiving a first message expressed in the 
first protocol from the server, the first message comprising a first command defined to 
cause the mobile station to compute a first value; and 
25 performing at least one operation further comprises performing at least 

one first operation defined by the first command in order to compute the first value. 

43 . The method of claim 42, further comprising communicating a second 
message expressed in the first protocol to the server, the second message comprising 

30 an indication that the first value has been computed. 
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44. The method of claim 42, wherein: 

the method further comprises receiving a second message expressed in the 
second protocol from the server, the second message comprising a second value and a 
second command defined to cause the mobile station to compute the security-related 
5 parameter by using the first and second values; and 

performing at least one operation further comprises performing at least 
one second operation defined by the second command to compute the security-related 
parameter, the at least one second operation using the first and second values during the 
computation of the security-related parameter. 

10 

45 . The method of claim 44, wherein one or more of performing at least 
one first operation and performing at least one second operation uses at least one node 
in a management tree to store information. 

1 5 46. The method of claim 45, wherein the node is a temporary node and 

wherein performing at least one operation further comprises deleting the at least one 
node in response to performing a predetermined operation of the at least one first 
operation and the at least one second operation. 

20 47. A mobile station that updates a security-related parameter, the mobile 

station comprising: 

at least one memory; and 

at least one processor coupled to the at least one memory, the at least one 
processor configured to perform the steps of: 
25 receiving a message expressed in a first protocol from a server and 

comprising a request for the mobile station to update the security-related parameter, the 
request expressed in a second protocol; and 

performing, in response to the message, at least one operation in order to 
update the security-related parameter. 

30 

48. The mobile station of claim 47, wherein the at least one memory 

farther comprises a signal bearing medium tangibly embodying a program of 
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machine-readable instructions executable by the at least one processor to perform the 
receiving and performing operations. 

49. A mobile station that updates a security-related parameter, comprising: 
5 means for receiving a message expressed in a first protocol from a server 

and comprising a request for the mobile station to update the security-related parameter, 
the request expressed in a second protocol; and 

means for performing, in response to the message, at least one operation in 
order to update the security-related parameter. 

10 

50. The apparatus of claim 49, wherein the first protocol comprises an 
internet protocol, the second protocol comprises a first management protocol, and 
wherein the message is further expressed in a second management protocol. 
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